Legal claims defining the scope of protection, as filed with the USPTO.
1. A mobile device comprising: a processor; an input/output interface circuit coupled to the processor; a memory to store a biometric reference template, the biometric reference template comprising biometric reference information of a user; and a client authentication circuit to: transmit an initiation signal to an authentication device, wherein the initiation signal is to specify requirements of a protected environment of the authentication device that is to enforce a temporary storage of the biometric reference information; receive an attestation signal from the authentication device, the attestation signal including attestation information that attests to characteristics of the protected environment of the authentication device; evaluate the attestation information to determine whether the characteristics of the protected environment of the authentication device meet the requirements; and permit transmission of the biometric reference template to the authentication device in response to analysis of the attestation information.
2. The mobile device of claim 1, wherein the client authentication circuit is to deny transmission of at least some of the biometric reference template to the authentication device when the characteristics of the protected environment implemented by the authentication device do not meet the requirements.
3. The mobile device of claim 1, wherein the attestation information further comprises information regarding an ability of the authentication device to hold the biometric reference template in confidence, and the client authentication circuit is further to: compare the attestation information to a collection of predetermined acceptable and unacceptable protected environments; permit transmission of the biometric reference template to the authentication device when the comparison establishes that the protected environment implemented by the authentication device is one or more of the predetermined acceptable protected environments; and deny transmission of the biometric reference template to the authentication device when the comparison establishes that the protected environment implemented by the authentication device is one or more of the predetermined unacceptable protected environments.
4. The mobile device of claim 1, wherein: the initiation signal is further to cause the authentication device to attest, in the attestation signal, to a temporary storage policy by the protected environment; and the client authentication circuit is further to: analyze the attestation information to determine whether the temporary storage policy is in accordance with predetermined parameters for the temporary storage and deletion of biometric reference templates from the protected environment; and permit transmission of the biometric reference template when it is determined that the temporary storage policy implemented by the protected environment meets the predetermined parameters for the temporary storage and deletion of biometric reference templates.
5. The mobile device of claim 1, wherein the requirements comprises one or more of a type of the protected environment, processing resources of the protected environment, memory of the protected environment, input/output resources of the protected environment, or one or more combinations thereof.
6. The mobile device of claim 1, wherein the mobile device comprises a smartphone.
7. The mobile device of claim 1, wherein the initiation signal includes a task certificate to describe an authentication to be performed by the authentication device.
8. The mobile device of claim 1, wherein the mobile device is to verify an authenticity of the authentication device based on an electronic signature protocol, and transmit the biometric reference template responsive to the authenticity verification.
9. The mobile device of claim 1, wherein the mobile device is to transmit the biometric reference template via a close range communication network.
10. The mobile device of claim 1, wherein the mobile device is to transmit the biometric reference template via a near field communication.
11. The mobile device of claim 1, wherein the biometric reference information comprises one or more of biosignal information, DNA information, and voice information.
12. An authentication device comprising: a processor; a memory; at least one sensor; and an authentication device attestation circuit, wherein the authentication device attestation circuit is to: transmit, in response to receipt of an initiation signal from a client device, an attestation signal comprising attestation information to attest to characteristics of a protected environment of the authentication device, wherein the attestation signal is to enable the client device to determine whether the characteristics of the protected environment meet requirements of the protected environment for temporary storage of a biometric reference template, the requirements comprising one or more of a type of protected environment, processing resources of the protected environment, memory of the protected environment, input/output resources of the protected environment, or one or more combinations thereof; store a biometric reference template received from the client device in the protected environment; biometrically authenticate a user with the biometric reference template stored in the protected environment; establish an authenticated session to enable the user to access at least one resource protected by the authentication device, if the biometric authentication of the user is successful; and delete the biometric reference template upon detection of a termination event.
13. The authentication device of claim 12, wherein the authentication device attestation circuit is further to perform the biometric authentication using biometric test information obtained from the user via the at least one sensor.
14. The authentication device of claim 12, further comprising a continuous authentication confidence circuit to determine a confidence level regarding whether the user is in proximity to the authentication device during the authenticated session.
15. The authentication device of claim 14, wherein the continuous authentication confidence circuit is to determine the confidence level based at least in part on context information.
16. The authentication device of claim 15, wherein the continuous authentication confidence circuit is to use a first sensor having a first power consumption to determine the user proximity when the confidence level is greater than a threshold and to use a second sensor having a second power consumption greater than the first power consumption when the confidence level is less than the threshold.
17. The authentication device of claim 12, wherein the authentication device is to sign the attestation signal with a first private key, the memory of the protected environment to store the first private key, wherein the client device is to verify an authenticity of the first private key with a corresponding first public key.
18. The authentication device of claim 12, wherein the memory comprises at least one enclave to store the biometric reference information.
19. A method comprising: transmitting an authentication initiation signal to an authentication device, wherein the authentication initiation signal is to specify requirements of a protected environment of the authentication device to enforce a temporary storage of biometric reference information; receiving an attestation signal from the authentication device, the attestation signal including attestation information to attest to characteristics of the protected environment of the authentication device; evaluating the attestation information to determine whether the characteristics of the protected environment implemented in the authentication device meet the requirements; and permitting transmission of a biometric reference template comprising the biometric reference information to the authentication device in response to determining that the characteristics of the protected environment implemented in the authentication device meet the requirements.
20. The method of claim 19, further comprising: comparing the attestation information to a collection of predetermined acceptable and unacceptable protected environments; permitting the transmission of the biometric reference template to the authentication device when the comparison establishes that the protected environment implemented by the authentication device is one or more of the predetermined acceptable protected environments; and denying the transmission of the biometric reference template to the authentication device when the comparison establishes that the protected environment implemented by the authentication device is one or more of the predetermined unacceptable protected environments.
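The client-side release decision described in claims 1 to 5 and 19 to 20, sketched in Python as an added illustration; it is not code from the patent or its assignee. All field names, environment identifiers and limits are hypothetical, the attestation signal is assumed to have already passed signature verification (claims 8 and 17), and denying an environment that appears on neither list is an assumption of this sketch.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Requirements:            # sent in the initiation signal (claims 1, 4, 5)
    env_types: frozenset       # acceptable types of protected environment
    min_memory_kb: int         # memory the protected environment must provide
    max_retention_s: int       # longest tolerated temporary storage
    delete_on_termination: bool = True

@dataclass(frozen=True)
class Attestation:             # received in the attestation signal
    env_type: str
    env_id: str                # hypothetical identifier of the attested environment
    memory_kb: int
    retention_s: int
    deletes_on_termination: bool

# Constructed sample lists standing in for the "collection of predetermined
# acceptable and unacceptable protected environments" (claims 3 and 20).
ACCEPTABLE = frozenset({"enclave-build-A"})
UNACCEPTABLE = frozenset({"enclave-build-B"})

def evaluate(req, att):
    """Return (permit, reasons); every failed check is reported."""
    reasons = []
    if att.env_id in UNACCEPTABLE:
        reasons.append("environment is on the unacceptable list")
    elif att.env_id not in ACCEPTABLE:
        # Assumption of this sketch: unlisted environments are denied.
        reasons.append("environment is not on the acceptable list")
    if att.env_type not in req.env_types:
        reasons.append("environment type does not meet requirements")
    if att.memory_kb < req.min_memory_kb:
        reasons.append("protected memory below requirement")
    if att.retention_s > req.max_retention_s:
        reasons.append("storage policy retains template too long")
    if req.delete_on_termination and not att.deletes_on_termination:
        reasons.append("no deletion on termination event")
    return (not reasons, reasons)

def release_template(template, req, att, send):
    """Call send(template) only when the attestation satisfies the requirements."""
    permit, reasons = evaluate(req, att)
    if permit:
        send(template)
    return permit, reasons

if __name__ == "__main__":
    req = Requirements(frozenset({"enclave"}), 64, 300)
    att = Attestation("enclave", "enclave-build-A", 128, 600, True)
    print(release_template(b"constructed-template", req, att, print))
```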
June 26, 2018